Will Dormann and Jared Allar discovered that the Lotus Word Pro importfilter of OpenOffice.org, a full-featured office productivity suite thatprovides a near drop-in replacement for Microsoft(R) Office, is notproperly handling object ids in the ".lwp" file format. An attacker canexploit this with a specially crafted file and execute arbitrary code withthe rights of the victim importing the file.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed inversion 1:3.2.1-11+squeeze3.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed inlibreoffice version 1:3.3.3-1.

We recommend that you upgrade your openoffice.org packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://www.debian.org/security/